Using the value of a pointer to a FILE object after the associated file is closed is undefined behavior. (See undefined behavior 148.) Programs that close the standard streams (especially stdout but also stderr and stdin) must be careful not to use these streams in subsequent function calls, particularly those that implicitly operate on them (such as printf(), perror(), and getc()).

This rule can be generalized to other file representations.

Noncompliant Code Example

In this noncompliant code example, the stdout stream is used after it is closed:

#include <stdio.h>
 
int close_stdout(void) {
  if (fclose(stdout) == EOF) {
    return -1;
  }
 
  printf("stdout successfully closed.\n");
  return 0;
}

Compliant Solution

In this compliant solution, stdout is not used again after it is closed. This must remain true for the remainder of the program, or stdout must be assigned the address of an open file object. 

#include <stdio.h>
 
int close_stdout(void) {
  if (fclose(stdout) == EOF) {
    return -1;
  }

  fputs("stdout successfully closed.", stderr);
  return 0;
}
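For streams the program opens itself, the rule is easier to follow when the pointer is cleared at the point of closing, so a late use becomes a detectable NULL check. The following is an added example, not part of the original rule text; the helper names close_and_clear, reopen_or_clear and checked_puts are hypothetical. It also covers freopen(), which closes the old file first, so the stream is closed even when the reopen fails.

```c
#include <stdio.h>

/* Close *fp and clear the caller's pointer, so a later use is a NULL
   check the program can detect instead of undefined behavior. */
int close_and_clear(FILE **fp) {
  if (fp == NULL || *fp == NULL) {
    return -1;                /* already closed: never fclose() twice */
  }
  int rc = fclose(*fp);
  *fp = NULL;                 /* stream is gone even if fclose() failed */
  return (rc == EOF) ? -1 : 0;
}

/* Retarget an owned stream. freopen() closes the old file before opening
   the new one, so on failure the stream must be treated as closed. */
int reopen_or_clear(FILE **fp, const char *path, const char *mode) {
  if (fp == NULL || *fp == NULL) {
    return -1;
  }
  if (freopen(path, mode, *fp) == NULL) {
    *fp = NULL;
    return -1;
  }
  return 0;
}

/* Write only when the caller still holds an open stream. */
int checked_puts(FILE *fp, const char *msg) {
  if (fp == NULL) {
    return -1;
  }
  return (fputs(msg, fp) == EOF) ? -1 : 0;
}

int main(void) {
  FILE *out = tmpfile();      /* constructed sample stream */
  if (out == NULL) {
    return 1;
  }
  checked_puts(out, "first record\n");
  close_and_clear(&out);
  if (checked_puts(out, "late record\n") != 0) {
    fputs("write refused: stream already closed\n", stderr);
  }
  return 0;
}
```

This idiom only protects the pointer variable that is passed in; copies of the same FILE pointer held elsewhere still have to be tracked by the program.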

Risk Assessment

Using the value of a pointer to a FILE object after the associated file is closed is undefined behavior.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| FIO46-C | Medium | Unlikely | Medium | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
| --- | --- | --- | --- |
| CodeSonar | 8.1p0 | IO.UAC | Use after close |
| Compass/ROSE | | | |
| Coverity | 2017.07 | USE_AFTER_FREE | Implemented |
| Klocwork | 2024.1 | SV.INCORRECT_RESOURCE_HANDLING.URH | |
| LDRA tool suite | 9.7.1 | 48 D | Partially implemented |
| Parasoft C/C++test | 2023.1 | CERT_C-FIO46-a | Do not use resources that have been freed |
| Polyspace Bug Finder | R2023b | Closing a previously closed resource; Standard function call with incorrect arguments; Use of previously closed resource | Function closes a previously closed stream; Argument to a standard function does not meet requirements for use in the function; Function operates on a previously closed stream |
| PRQA QA-C | | 2696, 2697, 2698 | |
| SonarQube C/C++ Plugin | 3.11 | S3588 | |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.
